Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

osTicket Session Fixation Vulnerability (CVE-2022-31888)

Description

Session Fixation vulnerability in in function login in class.auth.php in osTicket through 1.16.2.

Remediation

References

Related Vulnerabilities

Oracle Application Server Other Vulnerability (CVE-2007-3862)

Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2660)

EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-17302)

WordPress Plugin Newsletter Manager PHP Object Injection (1.5.1)

GlassFish CVE-2017-10385 Vulnerability (CVE-2017-10385)

Severity

High

Classification

CVE-2022-31888 CWE-384 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities